
Senior Analyst, Cybersecurity Compliance

  • Location
    • Austin, Texas
    • Warren, Michigan
  • Job type: Full time
  • Posted
  • Job Requisition JR-202606337

Description

The Role:
The Cybersecurity Compliance – Information Lifecycle Management (ILM), Export & Business Continuity Planning (BCP) Senior Analyst supports the Governance, Risk & Compliance (GRC) organization by providing enterprise oversight of ILM, Export Controls, and BCP across IT and Cybersecurity. This role is accountable for designing, operating, and sustaining ILM, Export, and BCP control frameworks, translating corporate policy and regulatory requirements into clear, actionable controls, processes, and metrics.

The position monitors compliance dashboards, attestations, and formal reporting; proactively identifies control gaps and emerging risks; and drives remediation in partnership with Legal, ILM Coordinators, Export Compliance Officer (ECO)/Sub‑ECOs, application owners, BCP teams, and Cybersecurity functions. The role also integrates ILM, Export, and BCP control posture, risk, and trends across the NIST Cybersecurity Framework (NIST CSF) for broad cyber and regulatory risk reporting to leadership, supporting risk‑informed, compliance‑focused decisions.

What You'll Do:

Compliance Oversight & Risk Management

  • Implement and maintain a comprehensive cybersecurity compliance program for ILM, Export, and BCP that is aligned to the NIST Cybersecurity Framework (NIST CSF), using its Functions, Categories, and Subcategories to structure policies, controls, assessments, and reporting, while also meeting applicable regulatory and industry standards.

  • Conduct regular compliance assessments of ILM, Export, and BCP controls, evaluating inherent and residual risk across these domains.

  • Analyze and prioritize identified issues based on compliance impact and likelihood; recommend risk treatment strategies and control enhancements.

  • Monitor and track mitigation activities to closure, assessing impacts to residual compliance risk and recommending adjustments to the unified control set.

ILM Program Compliance

  • Design, operate, and continuously improve the ILM control framework, ensuring alignment with corporate ILM policy, data classification standards, retention schedules, and privacy requirements.

  • Define and document control requirements for data creation, classification, retention, archival, and destruction across key systems and repositories.

  • Establish and manage ILM attestation processes with ILM Coordinators, application owners, and business stakeholders to confirm control design and operating effectiveness.

  • Partner with Legal, Privacy, and Records Management to ensure ILM controls support litigation hold, regulatory, and privacy obligations.

Export Controls Compliance

  • Translate Export Control policy and regulatory obligations into practical, testable controls across IT and Cyber environments.

  • Partner with the ECO/Sub‑ECO network to define, document, and operationalize Export controls (e.g., access restrictions, system configuration, logging/monitoring).

  • Monitor compliance with Export requirements through dashboards, attestations, exception reviews, and periodic control testing.

  • Support investigations, issues management, and remediation for Export‑related control deficiencies and incidents.

Business Continuity & Cyber Resilience

  • Integrate BCP and resilience requirements into cybersecurity controls and standards, ensuring critical cyber and IT services can withstand and recover from disruptive events.

  • Collaborate with enterprise BCP and Crisis Management teams to align BCP plans, recovery strategies, and technical controls (e.g., backup, recovery, failover).

  • Support exercises, simulations, and post‑event reviews to validate the effectiveness of BCP‑related cyber controls and drive continuous improvement.

Reporting, Dashboards & Executive Communication

  • Develop clear, concise compliance and risk reports on ILM, Export, and BCP for senior leadership, risk committees, and other stakeholders.

  • Build and maintain dashboards and metrics (e.g., control coverage, testing results, exceptions, attestations, remediation progress) to demonstrate posture and trends.

  • Translate technical compliance and control findings into plain‑language, decision‑ready insights for non‑technical stakeholders, emphasizing business and regulatory impact.

Data, Automation & GRC Platforms

  • Manage Cybersecurity’s GRC platform (e.g., ServiceNow IRM) for ILM, Export, and BCP use cases, including issues, controls, tests, and attestations.

  • Support configuration and enhancement of modules to enable standardized workflows, evidence collection, and reporting for ILM, Export, and BCP.

  • Collaborate with Cybersecurity and IT teams to populate and maintain high‑quality risk and compliance data for these domains.

  • Design and implement data integration strategies to consolidate control, issue, and risk information from multiple sources into unified dashboards and reports.

Your Skills & Abilities (Required Qualifications):

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Information Technology, Risk Management, or a related field.

  • Minimum 7 years of experience in cybersecurity, GRC, risk management, audit, or related compliance roles, preferably in a large, global organization.

  • Demonstrated experience with cybersecurity risk and compliance frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001, CIS) and enterprise risk/compliance frameworks (e.g., FAIR, ERM, COSO).

  • Familiarity with legal and regulatory requirements impacting cybersecurity, data, and export controls (e.g., SOX, PCI‑DSS, GDPR, CCPA, export regulations, records/retention requirements).

  • Understanding of incident response, vulnerability management, and business continuity processes and how they intersect with compliance obligations.

  • Experience managing or supporting GRC software tools and platforms (preferably ServiceNow IRM), including workflows, control libraries, and reporting.

  • Excellent communication, presentation, and interpersonal skills; able to translate technical compliance topics into concise, executive‑ready messages.

  • Proven ability to manage multiple complex initiatives, prioritize effectively, and work both independently and collaboratively in a matrixed environment.

What Will Give You A Competitive Edge (Preferred Qualifications):

  • Advanced degree in Cybersecurity, Information Systems, Risk Management, or a related field.

  • Knowledge of enterprise ILM frameworks and practices, including familiarity with models such as the SNIA ILM Maturity Model and tools such as ServiceNow Lifecycle Management.

  • Knowledge of BCP models and best practices, including familiarity with frameworks such as ISO 22301, NIST SP 800‑34, and COBIT DSS04.

  • Understanding of EAR, ITAR, the U.S. Consolidated Screening List (CSL), and other export control regulations, including requirements for managing controlled technologies, safeguarding sensitive data, and supporting export control compliance activities.

  • Demonstrated experience in IT control auditing and assurance, including testing internal controls and supporting audits aligned with NIST, ISO 27001, SOX, or similar standards.

  • Professional certifications such as CGRC, CRISC, CISA, CISM, CISSP, or PMP.

  • Experience implementing or maturing ILM, Export Controls, or BCP programs within a regulated, global enterprise.

  • Experience working with globally distributed teams and cross‑functional stakeholders (e.g., Legal, Privacy, Records, BCP, IT, and Cybersecurity).


GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.).

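This role is classified as hybrid. This means the selected candidate must report to a specific work location at least three days per week (or at another frequency designated by their manager).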

This role is not eligible for relocation benefits. All relocation-related costs are the responsibility of the selected candidate.

Diversity Information

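General Motors strives to be a workplace that not only excludes legally prohibited discrimination but also genuinely fosters inclusion and belonging. We believe that in an environment where diversity is ensured, employees can realize their potential and develop better products for our customers. We therefore encourage anyone interested in joining us to review the key responsibilities and qualifications for each position and to apply for any position that matches their skills and abilities. Applicants must pass role-related assessments (where applicable) and/or pre-employment screening during the hiring process. For more information, see the GM hiring process guide.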

Equal Employment Opportunity Statement (U.S.)

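General Motors is proud to be an equal opportunity employer. Qualified applicants are considered for employment regardless of race, color, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.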

Accommodations (U.S. and Canada)

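General Motors offers employment opportunities to all job seekers, including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email [email protected] or call 800-865-7580. In your email, please include a description of the specific accommodation you are requesting, as well as the job title and requisition number of the position for which you are applying.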